cfn-nag 0.6.19 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 28cde1a5e7484f6b0f2d63097071e68ef162a97de6d5e957cd5638d08aa420ce
-  data.tar.gz: a325b62b2f79bbb4b4ae2beec6a5beec6c0e40ba53cd1bb10b11a9c26f78e72a
+  metadata.gz: 5bab5df0a11168002cb70199493b3de0efd6255d8344c07f919717dffa3f0e24
+  data.tar.gz: 6a82a1c29f40b1cbe2be3349ef3f1e0e750e50c3a48b8956a1c1a8781a6f8993
 SHA512:
-  metadata.gz: 50d18a321a5a0f9050523c657d0f8eee055555fce4e62547738760c5dae59e603ed7ef49e85a4618e51d64fbe30eafd7439e112516c2f7adc021db34b40cacbe
-  data.tar.gz: b44e85f191a4c3710491cfd2ed9e81e6107b641c28414656f19163ee3cf66b547a19296d28836e6fbface9a1087ccb03bfb037dc72e21a242899d0ee70e07b12
+  metadata.gz: 2d91b025958b18d897344dd641a7e62271e6d7fdcd3a9dc55dd2111eb06b79f728382767855e9353719956479db3e4ad62e7e020144f729a68d1fc6275517a49
+  data.tar.gz: 82409f7caf323b64566834e92a50e496514375ca0b5d218cd29ebc74cca13f51b4742820d60b5a7b3ef3e41b08b1c54c573dea79d38bf16fe350959ec9c7d22b

data/lib/cfn-nag/custom_rules/DLMLifecyclePolicyCrossRegionCopyEncryptionRule.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require 'cfn-nag/util/truthy'
+require_relative 'base'
+
+class DLMLifecyclePolicyCrossRegionCopyEncryptionRule < BaseRule
+  def rule_text
+    'DLM LifecyclePolicy PolicyDetails Actions CrossRegionCopy EncryptionConfiguration should enable Encryption'
+  end
+
+  def rule_type
+    Violation::WARNING
+  end
+
+  def rule_id
+    'W81'
+  end
+
+  def audit_impl(cfn_model)
+    violating_policies = cfn_model.resources_by_type('AWS::DLM::LifecyclePolicy').select do |policy|
+      if policy.policyDetails['Actions'].nil?
+        false
+      else
+        violating_actions = policy.policyDetails['Actions'].select do |action|
+          violating_copies = action['CrossRegionCopy'].select do |copy|
+            !truthy?(copy['EncryptionConfiguration']['Encrypted'].to_s)
+          end
+          !violating_copies.empty?
+        end
+        !violating_actions.empty?
+      end
+    end
+
+    violating_policies.map(&:logical_resource_id)
+  end
+end

data/lib/cfn-nag/custom_rules/KendraIndexServerSideEncryptionConfigurationKmsKeyIdRule.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class KendraIndexServerSideEncryptionConfigurationKmsKeyIdRule < BaseRule
+  def rule_text
+    'Kendra Index ServerSideEncryptionConfiguration should specify a KmsKeyId value.'
+  end
+
+  def rule_type
+    Violation::WARNING
+  end
+
+  def rule_id
+    'W80'
+  end
+
+  def audit_impl(cfn_model)
+    violating_indices = cfn_model.resources_by_type('AWS::Kendra::Index').select do |index|
+      index.serverSideEncryptionConfiguration.nil? ||
+        index.serverSideEncryptionConfiguration['KmsKeyId'].nil?
+    end
+
+    violating_indices.map(&:logical_resource_id)
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.6.19
+  version: 0.7.0
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-18 00:00:00.000000000 Z
+date: 2021-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -58,28 +58,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: '0.21'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.11'
+        version: '0.21'
 - !ruby/object:Gem::Dependency
   name: cfn-model
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.4
+        version: 0.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.5.4
+        version: 0.6.0
 - !ruby/object:Gem::Dependency
   name: logging
   requirement: !ruby/object:Gem::Requirement
@@ -199,6 +199,7 @@ files:
 - lib/cfn-nag/custom_rules/CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule.rb
 - lib/cfn-nag/custom_rules/CognitoUserPoolMfaConfigurationOnorOptionalRule.rb
 - lib/cfn-nag/custom_rules/DAXClusterEncryptionRule.rb
+- lib/cfn-nag/custom_rules/DLMLifecyclePolicyCrossRegionCopyEncryptionRule.rb
 - lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb
 - lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb
 - lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
@@ -259,6 +260,7 @@ files:
 - lib/cfn-nag/custom_rules/IotPolicyWildcardResourceRule.rb
 - lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb
 - lib/cfn-nag/custom_rules/KMSKeyWildcardPrincipalRule.rb
+- lib/cfn-nag/custom_rules/KendraIndexServerSideEncryptionConfigurationKmsKeyIdRule.rb
 - lib/cfn-nag/custom_rules/KinesisFirehoseDeliveryStreamRedshiftDestinationConfigurationPasswordRule.rb
 - lib/cfn-nag/custom_rules/KinesisFirehoseDeliveryStreamSplunkDestinationConfigurationHECTokenRule.rb
 - lib/cfn-nag/custom_rules/KinesisStreamStreamEncryptionRule.rb
@@ -381,7 +383,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="